CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-12892
Medium

In the GStreamer library (gst-plugins-bad), processing a crafted H.264 video file with malformed MVC or SVC extension slice NAL units triggers a one-byte heap out-of-bounds read. The flaw occurs when the parser checks slice boundary information without verifying that the NAL unit contains enough data beyond the extension header.

CVE-2026-12891
Medium

A flaw was found in the GStreamer gst-plugins-bad package where processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator causes an out-of-bounds read of up to 8 bytes from adjacent memory. An attacker can exploit this by providing a malicious video file or stream, leading to memory content leakage through video metadata.

CVE-2026-12112
High

A session management vulnerability was found in the foreman-mcp-server. Unauthenticated attackers can hijack active administrative sessions due to improper caching of authenticated client connections, trusting a non-secret session ID without re-validating authentication tokens, and logging all newly created session IDs to standard logs.

CVE-2026-11820
Medium

A flaw in the community.general Ansible collection's nexmo module sends API credentials (api_key and api_secret) as URL query parameters via GET requests. This exposes credentials in web server logs, proxy logs, HTTP Referer headers, and network monitoring tools, despite the Ansible argument specification marking these parameters as no_log.

CVE-2026-11819
Medium

The Ansible keyring_info module leaks a passphrase from the OS native keyring (GNOME Keyring, macOS Keychain, Windows Credential Manager) into task results because the 'passphrase' output field lacks no_log protection. The passphrase is visible in logs, debug output, and fact caches.

CVE-2026-11807
Critical

A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive plaintext credentials associated with that activation, including OAuth tokens, vault passwords, and SSH keys.

CVE-2025-64105
Medium

FOSSBilling, a billing and client management system, has an IDOR vulnerability in versions 0.6.21 through 0.7.2, allowing authenticated clients to create support tickets referencing other clients' orders. The ticketCreateForClient() method did not verify order ownership, enabling manipulation of rel_id.

CVE-2026-54762
High

In Traefik versions from 3.7.0-ea.1 to 3.7.5, a medium severity vulnerability was found in the Kubernetes Ingress NGINX provider. When an Ingress explicitly enables BasicAuth or DigestAuth via auth-type and auth-secret annotations, but the referenced Secret cannot be resolved or parsed, Traefik logs the error, skips installing the authentication middleware, and still emits a router to the backend. This results in a protected route being published without access control, allowing unauthorized access.

CVE-2026-54761
High

Vulnerability in Traefik (versions prior to 3.6.21 and 3.7.5) in the Kubernetes Gateway provider affects the crossProviderNamespaces allowlist. For HTTPRoute rules with multiple backendRefs (WRR), Traefik incorrectly evaluates the allowlist against the target backendRef.namespace instead of the route's own namespace. This allows an HTTPRoute from a non-allowlisted namespace to reference internal Traefik services (e.g., api@internal) by pointing backendRef.namespace at an allowlisted namespace covered by a ReferenceGrant.

CVE-2026-54555
High

A vulnerability in rtk (versions before 0.42.2) allowed bypassing the permission control mechanism by hiding a second command within Bash shell constructs that were not properly split or rejected. A command starting with an allowed prefix (e.g., 'git') could contain a hidden command that executed without required user authorization.

CVE-2026-54328
High

Pi is a minimal terminal coding harness. From versions 0.74.0 to 0.78.1, temporary npm or git extension package installs used predictable paths under the operating system's temporary directory, allowing a local attacker to inject malicious code.

CVE-2026-54327
Low

Pi, a minimal terminal coding harness, from version 0.74.0 to 0.78.1 stores API keys and OAuth credentials in auth.json. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before tightening the file to owner-only permissions.

CVE-2026-54326
Low

Pi is a minimal terminal coding harness. In versions from 0.74.0 to 0.78.1, HTML exports did not consistently reject unsafe Markdown link and image URL schemes, potentially leading to security vulnerabilities.

CVE-2026-54325
Medium

Pi is a minimal terminal coding harness. In versions before 0.79.0, Pi loaded project-local resources and configurations from a repository's .pi directory without asking the user to trust that repository, potentially allowing malicious code execution.

CVE-2026-53622
Critical

In Traefik prior to 3.7.3, a critical vulnerability in HTTP/3 (QUIC) TLS configuration selection allows unauthenticated clients to bypass router-specific mTLS enforcement. The TLS handshake fails to match wildcard host patterns (e.g., *.example.com) or case variants, falling back to a default TLS config that may not require client certificates.

CVE-2026-48491
Critical

In Traefik versions 3.7.0 through 3.7.3, a vulnerability in the domain-fronting protection (SNICheck) allows an unauthenticated client to bypass mutual TLS enforced by wildcard router rules. The attacker can complete a TLS handshake under permissive options for one SNI and then send an HTTP Host header targeting a wildcard-protected backend without presenting a client certificate.

CVE-2026-48020
Critical

In Traefik prior to versions 2.11.48, 3.6.19, and 3.7.3, a high severity vulnerability exists in the StripPrefix middleware. An unauthenticated attacker can bypass route-level authentication and authorization by using a request path containing '..' or its percent-encoded form '%2e%2e'.

CVE-2026-45792
Medium

In RTK (Rust Token Killer) prior to version 0.32.0, a vulnerability was found due to improper trust of project-local configuration files. The tool automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An attacker can place a malicious filter file in a repository to selectively suppress or alter command output (including file contents, diffs, and security scan results) without detection, potentially concealing malicious code during AI-assisted development or review.

CVE-2026-39253
HighEPSS 52%

An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components.

CVE-2026-55736
Medium

A vulnerability in the Ash library allows an attacker to set the value of a private action argument intended to be controlled only by trusted server-side code. The filtering of private arguments is incomplete both in the regular changeset path (for binary keys) and in the atomic path (no filtering at all).

PreviousPage 214 of 4552Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS